Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WzHxjRi1XZS4qHZfKbGQl9rOKRY.roa
File:                     WzHxjRi1XZS4qHZfKbGQl9rOKRY.roa (raw, json)
Hash identifier:          probkF9Ot2glZwiRhxjEn8kmNIuJ24i9TtOPoJ27mFY=
Subject key identifier:   5B:31:F1:8D:18:B5:5D:94:B8:A8:76:5F:29:B1:90:97:DA:CE:29:16
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C4CA256D58EA864AED8571A6622C1B415
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WzHxjRi1XZS4qHZfKbGQl9rOKRY.roa
Signing time:             Wed 11 Feb 2026 12:17:13 +0000
ROA not before:           Wed 11 Feb 2026 12:17:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203307
IP address blocks:        45.158.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:a2:56:d5:8e:a8:64:ae:d8:57:1a:66:22:c1:b4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 11 12:17:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b31f18d18b55d94b8a8765f29b19097dace2916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:69:24:43:b9:3e:06:46:8f:ad:5c:ab:37:70:
                    be:a4:0b:e5:75:d3:6f:ce:52:25:a4:df:29:ae:04:
                    b1:1a:97:54:7a:fe:67:65:31:9a:09:6a:d1:b0:d1:
                    cf:30:06:09:7f:cf:39:1d:a1:df:c9:7a:3c:e5:d6:
                    c5:62:c2:ac:a1:97:fd:85:f9:6b:21:68:45:96:23:
                    81:f4:76:d8:f1:b3:e1:7e:fb:b8:37:b7:40:32:df:
                    37:8c:ab:fe:ca:2b:8e:a9:55:44:9a:7b:d7:51:6f:
                    cf:00:30:b3:2b:0b:a2:6e:6d:db:3f:06:7a:c4:b8:
                    f2:c1:d2:91:94:13:14:7d:50:a1:bd:ea:2d:19:ea:
                    81:44:25:4e:d6:33:0e:48:97:20:aa:86:af:48:ec:
                    b1:b5:c1:f2:19:73:32:a4:69:23:d3:22:bd:b7:fd:
                    c5:43:de:35:a2:d3:26:4a:ca:72:8d:18:6a:64:56:
                    d2:20:8e:34:58:0e:17:81:c3:3c:4b:78:a1:a9:1e:
                    b8:5c:d0:82:18:f7:55:93:98:fa:86:b6:c4:b3:98:
                    6c:42:ab:d8:e8:44:a5:f9:da:8a:74:86:be:06:0c:
                    80:29:46:9a:a4:dd:ee:80:13:12:41:25:1f:a0:d9:
                    6e:47:08:aa:75:be:0b:08:80:d5:9a:cc:59:b1:04:
                    08:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:31:F1:8D:18:B5:5D:94:B8:A8:76:5F:29:B1:90:97:DA:CE:29:16
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WzHxjRi1XZS4qHZfKbGQl9rOKRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:86:57:77:ef:58:4f:45:61:8d:d5:1d:6c:22:25:49:48:8c:
         97:bf:b5:7c:ce:89:94:6e:9f:0f:db:43:8a:0f:9d:51:15:82:
         fe:81:f2:4b:80:0b:e1:16:92:9c:89:93:c8:08:e8:db:64:2d:
         f3:ed:ed:47:17:92:cb:c9:70:c5:16:76:ae:b7:46:2c:8d:5a:
         34:eb:ee:5f:41:be:a7:ff:96:33:52:40:d8:a0:2d:a5:f3:93:
         02:fd:6d:cc:85:28:2d:d8:66:6d:27:8c:e8:39:bd:1b:5d:28:
         2d:bf:ac:95:0a:b8:22:64:e2:33:4e:23:0d:14:e6:f7:ca:44:
         55:e1:a1:d2:f5:bd:a3:d1:20:9f:23:42:a8:76:b7:69:f2:70:
         c3:ab:38:1e:e2:5d:63:74:df:42:5e:6f:0a:f0:4a:ed:f0:ba:
         2f:9b:4c:21:e7:56:84:f2:8a:b1:a0:f9:95:a0:35:4d:8c:11:
         bd:11:44:8a:fe:9b:cf:91:5d:af:fc:98:8b:af:e0:ba:8e:b9:
         c3:78:bb:db:06:13:52:81:10:0e:3b:f1:51:5b:25:97:b2:c7:
         57:4a:13:38:8f:5e:ae:d9:67:72:92:12:94:38:4a:f6:bc:a3:
         7a:b5:3f:78:61:68:25:d8:62:7e:52:77:ae:e3:f7:79:58:8e:
         1e:2a:91:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxMolbVjqhkrthXGmYiwbQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjExMTIxNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjMxZjE4ZDE4YjU1ZDk0YjhhODc2NWYyOWIxOTA5N2RhY2UyOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WkkQ7k+BkaPrVyrN3C+pAvlddNv
zlIlpN8prgSxGpdUev5nZTGaCWrRsNHPMAYJf885HaHfyXo85dbFYsKsoZf9hflr
IWhFliOB9HbY8bPhfvu4N7dAMt83jKv+yiuOqVVEmnvXUW/PADCzKwuibm3bPwZ6
xLjywdKRlBMUfVChveotGeqBRCVO1jMOSJcgqoavSOyxtcHyGXMypGkj0yK9t/3F
Q941otMmSspyjRhqZFbSII40WA4XgcM8S3ihqR64XNCCGPdVk5j6hrbEs5hsQqvY
6ESl+dqKdIa+BgyAKUaapN3ugBMSQSUfoNluRwiqdb4LCIDVmsxZsQQITQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsx8Y0YtV2UuKh2XymxkJfazikWMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvV3pIeGpSaTFYWlM0cUhaZktiR1FsOXJPS1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ64MA0G
CSqGSIb3DQEBCwUAA4IBAQAFhld371hPRWGN1R1sIiVJSIyXv7V8zomUbp8P20OK
D51RFYL+gfJLgAvhFpKciZPICOjbZC3z7e1HF5LLyXDFFnaut0YsjVo06+5fQb6n
/5YzUkDYoC2l85MC/W3MhSgt2GZtJ4zoOb0bXSgtv6yVCrgiZOIzTiMNFOb3ykRV
4aHS9b2j0SCfI0Kodrdp8nDDqzge4l1jdN9CXm8K8Ert8Lovm0wh51aE8oqxoPmV
oDVNjBG9EUSK/pvPkV2v/JiLr+C6jrnDeLvbBhNSgRAOO/FRWyWXssdXShM4j16u
2WdykhKUOEr2vKN6tT94YWgl2GJ+Uneu4/d5WI4eKpG+
-----END CERTIFICATE-----